File Inclusion Vulnerability in SourceCodester Simple Online Bidding System
CVE-2024-7911

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Simple Online Bidding System
Vendor: CVE Published:; 18 August 2024

Summary

A critical security flaw has been discovered in the SourceCodester Simple Online Bidding System version 1.0, affecting the bidding index.php file. This vulnerability allows attack vectors where malicious users can manipulate the 'page' argument to perform unauthorized file inclusion. The exploitation of this flaw can be executed remotely, potentially exposing sensitive system files and posing a significant security threat to users and organizations utilizing this software. The exploit has been publicly disclosed, and immediate actions should be taken to mitigate associated risks.

References

https://vuldb.com/?id.275037

https://vuldb.com/?ctiid.275037

https://vuldb.com/?submit.391657

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 18, 2024